Title: [292003] trunk/Source/WebKit
Revision: 292003
Author: pvol...@apple.com
Date: 2022-03-28 16:03:52 -0700 (Mon, 28 Mar 2022)

Log Message

[macOS] Block access to IOKit class
https://bugs.webkit.org/show_bug.cgi?id=238457

Reviewed by Geoffrey Garen.

Block access to IOKit class AGPMClient on macOS. We already block all messages for this class.

* WebProcess/com.apple.WebProcess.sb.in:

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (292002 => 292003)


--- trunk/Source/WebKit/ChangeLog	2022-03-28 22:52:49 UTC (rev 292002)
+++ trunk/Source/WebKit/ChangeLog	2022-03-28 23:03:52 UTC (rev 292003)
@@ -1,3 +1,14 @@
+2022-03-28  Per Arne Vollan  <pvol...@apple.com>
+
+        [macOS] Block access to IOKit class
+        https://bugs.webkit.org/show_bug.cgi?id=238457
+
+        Reviewed by Geoffrey Garen.
+
+        Block access to IOKit class AGPMClient on macOS. We already block all messages for this class.
+
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2022-03-28  Fujii Hironori  <hironori.fu...@sony.com>
 
         Unreviewed build fix after 291979 for WinCairo and PlayStation Debug builds
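
Review bot: The ChangeLog description "Block access to IOKit class AGPMClient on macOS." is broader than what the sandbox hunk does, which adds the deny only when __MAC_OS_X_VERSION_MIN_REQUIRED > 110000 and keeps an allow rule for AGPMClient otherwise. The entry should state which deployment targets get the deny and which keep the extension-gated allow. The title line "[macOS] Block access to IOKit class" could also name the class so the change is searchable from the log.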

Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (292002 => 292003)


--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2022-03-28 22:52:49 UTC (rev 292002)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2022-03-28 23:03:52 UTC (rev 292003)
@@ -454,32 +454,20 @@
     )
 
     ;; QuartzCore
+#if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+    (deny iokit-open (with no-log)
+        (iokit-registry-entry-class "AGPMClient"))
+#else
+    (allow iokit-open
+        (require-all
+            (extension "com.apple.webkit.extension.iokit")
+            (iokit-registry-entry-class "AGPMClient")))
+#endif
+
     (if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES")
         (allow iokit-open
             (require-all
                 (extension "com.apple.webkit.extension.iokit")
-                (iokit-registry-entry-class "AGPMClient")
-            )
-            (apply-message-filter
-                (deny (with telemetry)
-                    iokit-async-external-method
-                    iokit-external-trap
-                    iokit-external-method
-                )
-            )
-        )
-        ; else
-        (allow iokit-open
-            (require-all
-                (extension "com.apple.webkit.extension.iokit")
-                (iokit-registry-entry-class "AGPMClient")
-            )
-        )
-    )
-    (if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES")
-        (allow iokit-open
-            (require-all
-                (extension "com.apple.webkit.extension.iokit")
                 (iokit-registry-entry-class "AppleGraphicsControlClient")
             )
             (apply-message-filter
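
Review bot: The #else branch allows iokit-open for AGPMClient without the apply-message-filter that the removed lines attached when ENABLE_SANDBOX_MESSAGE_FILTER is "YES", so a build with __MAC_OS_X_VERSION_MIN_REQUIRED of 110000 or lower that sets that parameter loses the deny on iokit-async-external-method, iokit-external-trap and iokit-external-method for this class. Consider keeping the (if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES") ...) form inside the #else branch so the older targets are not loosened by a change meant to tighten the profile. Separately, the new rule uses (deny iokit-open (with no-log) ...) where the removed filter used (deny (with telemetry) ...); any remaining caller that tries to open AGPMClient will now fail without a record, so a short comment on why no-log was chosen over telemetry would help.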